Privacy policy

This Privacy Policy describes how SUPERVISIÓN Y CONTROL, S.A.U. (“SYC” or “Us”) collects and processes your Personal Data, as well as the way we use and protect that information, in addition to the rights that you have in relation to it.

SYC shall collect and process the personal data in its capacity as the Data Controller You can contact Us through the channels enabled and indicated in paragraph 8 of this policy.

This Privacy Policy applies to all personal data that we collect about you in connection with the management of the vehicle technical inspection service as well as the use of our website. “Personal data” means any information relating to a identified or identifiable natural person (“the data subject”); an identifiable natural person shall be  considered a person who can be identified, directly or indirectly, in particular by using an identifier, such as a name, identification number, an online ID or one or more elements of physical, economic, cultural or social identity.

1. What personal data do we collect?

We collect your Personal Data through a variety of sources, including information that you provide us directly when you contact us using the contact form or via the appointment service available on our website, within the terms described below:

Please bear in mind that we must collect certain personal data as may be required by law, or as a consequence of the contractual relationship that we have with you. The refusal to provide such information may prevent or delay the implementation of such obligations. When collecting your personal information we will inform you on the obligation to provide such data as well as on the consequences of not doing so.

1.1 Personal Data that you provide to us directly

The categories of Personal Data that we collect directly from you include:

  1. Identification details: Name(s) and Surname(s); signature; Tax ID code (for the issuance of invoices).
  2. Contact details: phone number, email address and postal address.
  3. Details for the payment of the service: debit or credit card, bank account number (in the case of deferred invoicing).
  4. Other data such as: vehicle registration plate; vehicle’s identification number.
  5. In the case of legal persons: name and surname, email address: address and telephone of employees, representatives or contact person.
  6. Information we collect through cookies or other device identification technologies. You can find additional information on the use of Cookies and Identification Technologies in the cookies policiy.

1.2 Personal Data that we collect from other sources

We collect Personal Data about you through the General Directorate of Traffic: name and surname, ID card no., vehicle identification number, vehicle registration plate and information on having compulsory insurance.

If you have passed an inspection with an entity other than SYC and the result was unfavourable and wish to pass a second inspection at any of our stations, we will collect your data from the other company’s records in order to be able to provide the service.

If you request a duplicate of the technical inspection card because it has been lost or for any other reason, we will request the information contained in such card from the provincial traffic headquarters or the town hall of the place where the vehicle is registered.

1.3 Personal Data that you provide to us about third parties

When you provide personal data to SYC, such as contact information, and/or vehicle registration plate or any other data relating to third parties, you will be directly responsible to inform these people about their rights and to obtain their explicit consent, when necessary, with regard to the processing (including transfers) of their personal data, as may be deemed necessary and in accordance with the relevant local legislation on data protection, as set forth in this policy.

2. How and on what basis do we process your personal data?

We use and process personal data we collect about you for the purposes and with the legal grounds listed below:

  1. We will process your personal data in order to fulfil our contractual relationship with you so that we can:
    • Manage the appointment service for the technical inspection of vehicles, as well as to manage confirmation notices / appointment reminders by email and/or SMS, MMS, or instant messaging services (e.g. WhatsApp) or other equivalent electronic media.
    • Manage the payment of the online service, including sending confirmation notices for direct access to the inspection line, information and instructions for its access via SMS, MMS or instant messaging services (e.g. WhatsApp) or other equivalent electronic means and to send the invoice in electronic format by e-mail.
    • Manage the provision of the technical inspection service for customers, and manage the documentation required by the regulations in relation to such inspections together with the accounting, fiscal and administrative aspects of the service.
  2. We will also process your Personal Data in order to ensure an optimum level of compliance with the applicable legal obligations to which SYC is subject, as well as to cooperate with regulatory authorities and law enforcement authorities when necessary, according to the provisions in Section 4 of this Privacy Policy:
    • To communicate your personal data, as well as other additional  information, in response to the requests issued by the competent authorities and/or bodies, as provided for in the applicable legislation or by law enforcement agents in the exercise of their functions.
      Compliance with the above legal obligations to which SYC is subject is required in order to comply with those required for the provision of the vehicle technical inspection service, such as among others,  through Royal Decree 920/2017, of 23 October, regulating the technical inspection of vehicles, as well as other related provisions and any others that apply to SYC.
  3. We will process your personal data on the basis of our legitimate interest for the following purposes:
    • To manage and improve the provision of the  public inspection service in the future, by making phone calls or sending reminders by email or via SMS, MMS or instant messaging services (e.g. WhatsApp) or other electronic media equivalents, of the next inspection date and due date of inspection.
    • To manage our Website.
    • To resolve your suggestions, queries or complaints.
    • To protect the security and/or integrity of our Website and IT infrastructure.
    • To send surveys via e-mail for quality control purposes.
    • To understand how you use our services, so that we can improve and further develop the functionalities, performance and support available on our Website, which may involve the provision of anonymous statistical information in relation to our visitors (without that  information  being able to be used to identify a particular user).
    • As mentioned in Section 4 of this Privacy Policy, among others, for communications to any of our employees, agents, partners, affiliates or other companies of Applus Group, that process Personal Data for the purposes described in this Privacy Policy.
    • In order to allow third party service providers and suppliers contracted by us to gain access to personal data so as to provide the services necessary to fulfil the purposes described in this Privacy Policy.
    • For any communication to third parties, as necessary and  as part of due diligence processes in the context of corporate restructuring operations of which we are part, in line with the provisions of Section 4 (d) of this Privacy Policy.

A balancing test is carried out to ensure that your interests or your fundamental freedoms and rights do not prevail over our legitimate interest when SYC processes Personal Data on the basis of its legitimate interests.

We will treat your personal data for the following purposes,provided you have provided your prior consent:

  • Participation in draws and promotions to which youregister;
  • For any other purpose of which you are informed at the time when you provide us your personal data, provided you have given us your prior consent for each particular treatment.

If we request your consent to treat your personal data, you may revoke that consent at any time by contacting us by sending an email to

3. What rights do you have concerning your personal data?

You have certain rights concerning your personal data, without prejudice to the provisions of local legislation. Such rights include:

  • To know how we are processing your Personal Data and access to Personal Data that SYC and other companies of the Applus+ Group have about you, as the case may be.
  • To request rectification of inaccurate or incomplete Personal Data.
  • To request the deletion of your Personal Data when they are no longer necessary for the purposes for which they were collected, in accordance with applicable law.
  • To limit the processing of your Personal Data under certain circumstances (in which case we will only process your personal data for the exercise and/or the defence of SYC’s rights).
  • To object to the processing of your Personal Data, taking into account certain circumstances and for reasons related to your particular situation (in which case we will only process your Personal Data for imperative legitimate reasons or for the exercise and/or defence of SYC’s rights).
  • This includes your right to object at any time, for reasons related to your particular situation, to our processing of your Personal Data on the basis of our legitimate interests or that of a third party, in which case we will cease to process your Personal Data unless we can base there are legitimate reasons for it.
  • To exercise your right to the portability of data, which will allow you to receive and reuse Personal Data in an electronic format usable for your own purposes and for different services without impediment to its use, including its transmission to a third party.
  • Revoke,at any time, the consent you have provided inconnection with a particular treatment.

We recommend you contact us to update or amend your personal information as soon as it changes, or if the Personal Data that we keep about you are inaccurate.

SYC commits to protect your Personal Data as described in this Privacy Policy, and under applicable law. If you have any questions or want to request additional information on how to exercise your rights, do not hesitate to contact us through the following e-mail address

4. How do we share your personal data and with whom?

SYC will share your Personal Data with third parties in the following circumstances:

  1. Service Providers and commercial partners. We will allow our service providers and commercial partners, who provide us the services for, among others, customer service (e.g.,  to  use the call centre, SMS or emails), administration (e.g. management of invoices, bank statements (e.g. provision of payment gateway for payment of services by phone using a debit or credit card), IT staff (e.g., database management, data or software), audit, and provision of services related to accreditations, as well as fiscal, insurance and legal services, to access your Personal Data.
  2. Entities of the Applus Group. SYC may share your personal data relating to invoicing for the service that we have provided, with other companies belonging to the Applus+ Group to which it belongs, for financial management, fiscal, administrative and internal reporting and research purposes. You can find a list of entities belonging to Applus+ Group on:
  3. Law enforcement authorities, judges and courts, regulatory bodies, government authorities or other competent third parties. We may share your Personal Data with these third parties where necessary to meet a legal or regulatory obligation, or to otherwise protect our own rights as well as the rights of third parties.
  4. Buyers of assets and mergers. We will share your Personal Data with any third party who purchases, or to whom we transfer all or almost all of our assets and businesses, or with those with which we carry out a merger, consolidation, integration or similar restructuring. If such sale or transfer is performed, we will use all reasonable efforts to ensure that the entity to which we transfer your Personal Data will process them in a manner consistent with this Privacy Policy.

Given that we operate as part of a global business, the recipients mentioned above can be found outside of their jurisdiction (or where we provide services), including third countries outside the European Union (“EU”) with respect to which it is considered that they do not provide an adequate level of protection of Personal Data. Please refer to the section “International Transfers of Data” for further information.

5. How do we protect your personal data?

We have implemented technical and organisational measures to ensure a level of security appropriate to the risk for the Personal Data processed. These measures are intended to ensure the integrity and confidentiality of Personal Data. We evaluate these measures periodically to ensure the safety of data processing.

6. How long do we keep your personal data?

We will retain your Personal Data for as long as we maintain a relationship with you and for a period of five (5) years from that time. We will only retain your Personal Data after the expiry of that period if we are obliged to do so in compliance with the law, or in the event that there are outstanding claims or complaints that reasonably require the conservation of your Personal Data.

In the event that the purpose of the treatment is the participation in draws or similar promotions, the period of conservation shall be limited to the time from its inscription to the draw and/or the specific promotion, up to one (1) year after the celebration and conclusion of the event.

7. International data transfers

Your Personal Data may be transferred to, stored, and processed in countries like Philippines or the United States of America, that do not provide an adequate level of protection of personal data in accordance with  European Union legislation.

We have implemented appropriate guarantees (in particular, contractual commitments) in accordance with the applicable legal requirements, in order to ensure that your data are protected in an appropriate manner, on the basis of contractual clauses approved by the European Commission, which can be viewed at:

  • Standard contractual clauses for the transfer of personal data from the European Community to third countries (transfers between data processors): Decision 2001/497/EC
  • Standard contractual clauses for the transfer of personal data to data processors established in third countries: Decision 2010/87/EU.

For more information on these guarantees, please contact us as indicated in paragraph 8 of this Policy.

8. Please contact us

SYC is responsible for the processing of data in relation to the Personal Data that we collect and process.

If you have any question or queries about the processing of your personal data, please contact us via

We are committed to working with you to obtain a fair resolution with respect to any claim or query related to the privacy policy. However, if you believe that we have not been able to help you with your claim or query, you have the right to file a complaint with the Spanish Data Protection Agency through its website

9. Changes to this privacy policy

You have the right to request a copy of this Privacy Policy using the contact information listed above. This Privacy Policy is subject to change from time to time, as deemed necessary.

If we change this Privacy Policy, we will notify you of the changes. We will notify you well in advance so that you have the opportunity to exercise your rights (for example, among others, to object the processing), in those cases when changes to Privacy Policy have a fundamental impact on the nature of the processing, or somehow have a significant impact on you.

Likewise, and to the extent that SYC is based on consent to carry out any of its treatment activities, we will make sure to request your consent when the aforementioned changes may have a substantial impact on the Treatment in question before such changes become effective.